The popular crypto wallet MetaMask recently issued a warning to its community regarding phishing attacks that affect users of Apple’s iCloud service. The attack makes use of the automatic iCloud backup option, and users who have this default setting enabled risk their password-encrypted MetaMask vault falling into the wrong hands. This could result in hackers stealing the user’s cryptocurrency and NFTs (Non-Fungible Tokens).
Phishing attacks in the crypto space
Cyber attacks and particularly phishing attacks are nothing new in the crypto space. The truly digital nature of the crypto industry makes it extremely susceptible to bad actors who are constantly trying to get their hands on digital currencies through unfair means. In recent times, there have been a number of high-profile phishing attacks and it seems that almost every week you hear of some new attack taking place.
In a phishing attack, the attacker aims to get hold of sensitive data like usernames, passwords, credit card details, 2FA codes, or crypto wallet credentials. The attacker lures the victim by pretending to be from a reputable institution and requests the targeted user’s data. Phishing attacks come in a number of different types and different methodologies may be deployed by the attacker. They may be carried out via email or personal messaging. Some of the common phishing attacks include the on-path attack and the cross-site scripting attack.
Exploiting the iCloud automatic backup service
The possible phishing attacks in question were revealed by MetaMask, which issued a warning to users to remain vigilant in order to protect their digital assets. In a tweet, MetaMask - the crypto wallet provider owned by ConsenSys - described how users who have this automatic backup option enabled, and especially those who do not have a strong password, are at risk.
This warning was issued after a MetaMask user by the name of ‘Domenic Lacovone’ revealed how he had been the victim of a phishing attack that wiped his wallet of crypto and NFTs worth over $650,000. According to the user, he received a call showing an Apple caller ID (the caller ID was spoofed). Believing that this was a genuine Apple number, he gave the callers the six-digit code that they requested. Within seconds, his MetaMask wallet was wiped clean of all his digital assets.
What happened in essence was that the attackers got hold of the 2FA code that the user had given them and used this to log into his Apple ID. From here they accessed the seed phrase file that MetaMask stores in iCloud. This enabled them to access the MetaMask wallet and steal the assets present in the wallet.
What you can do to protect your wallet
This attack indicates a critical flaw in the automatic backup that makes users vulnerable to such phishing attacks. With the popularity of MetaMask rising every day, and over 30 million monthly active users of the wallet, such attacks are likely to continue. It is very important that users take all the necessary precautions to protect their wallets from unauthorized access. In continuation of their earlier tweet, MetaMask issued the following recommendations:
It simply states that you should disable this default iCloud backup setting for MetaMask. This will prevent the seed phrase from being stored in iCloud. This way, even if someone manages to gain access to your Apple ID and iCloud, they will not be able to get into your MetaMask wallet. Secondly, you should always use a strong password and regularly change it. Lastly, always be vigilant as attackers take no days off. Never share your 2FA code with anyone and be extremely cautious of phishing attempts via email or personal messaging.
Conclusion
The MetaMask phishing attack allows attackers to gain access to the seed phrase that is stored on iCloud as a result of the automatic backup feature. Users who do not have a strong enough password are extremely vulnerable to such attacks. It is important that you always have a strong password. Also, be extremely cautious of phishing attempts; it is better to disable the automatic backup option for the MetaMask wallet in iCloud.
Author: Gate.io Researcher: Chuk. U
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
* Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.